Transfer of HIDS Schedules, Groups, and Templates (28 Views)
Reply
Super Advisor
Andrew Pollard
Posts: 261
Registered: ‎09-04-2002
Message 1 of 4 (28 Views)
Accepted Solution

Transfer of HIDS Schedules, Groups, and Templates

Hi,
I have been testing HIDS on a system that will not be our Primary Administation server. Am I able to transfer all the Schedules, Surveillance Groups, Templates, and Properties to the system that will be the primary Admin server?
Andrew Pollard
Respected Contributor
Pierre Pasturel
Posts: 130
Registered: ‎12-30-2001
Message 2 of 4 (28 Views)

Re: Transfer of HIDS Schedules, Groups, and Templates

Andrew -

For the Schedules, Groups and Templates, you can copy the .sched and .grp files whose basenames are the names of your customized schedules and groups and which reside in /var/opt/ids/gui/SurveillanceSchedules and /var/opt/ids/gui/SurveillanceGroups, respectively. There is no need to copy anything from /var/opt/ids/gui/Templates, as these do not contain any of your settings (all template property values are in your .grp files).

For the GUI properties, you should be able to simply copy the files in /etc/opt/ids/gui/config to your new admin host.

In order to avoid having to regenerate your certificates for your admin guide and all your agents, you should also copy over the files in /etc/opt/ids/certs/admin.

Pierre
Super Advisor
Andrew Pollard
Posts: 261
Registered: ‎09-04-2002
Message 3 of 4 (28 Views)

Re: Transfer of HIDS Schedules, Groups, and Templates

Hi Pierre,

I had to redo the certs, but everything else worked great.

Thanks.

Andrew
Respected Contributor
Pierre Pasturel
Posts: 130
Registered: ‎12-30-2001
Message 4 of 4 (28 Views)

Re: Transfer of HIDS Schedules, Groups, and Templates

Andrew -

I forgot to tell you that you need to change the REMOTEHOST entry in /etc/opt/ids/ids.cf on all your agents to have the IP address or host name of your new admin host. You can do this by running:
./IDS_importAgentKeys key_bundle.tar.Z admin_hostname

where admin_hostname is the name or IP address of your new admin host.

Or can you manually edit ids.cf to modify the value of REMOTEHOST.

The existing certs were fine.

A FYI in case you do this again.

Pierre
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.